Commit Graph

56891 Commits

Author SHA1 Message Date
Fabrice Fontaine
575c60ff9a package/readline: add Signed-off-by and renumber patch
Add Signed-off-by and while at it, renumber it

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13731

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:04:11 +02:00
Bernd Kuhls
4eceaa242b package/kodi-pvr-vuplus: bump version to 7.4.3-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:03:19 +02:00
Peter Korsgaard
535c65594c package/i2c-tools: add upstream post-4.2 i2ctransfer fix
i2c-tools 4.2 contained an invalid check, leading to verbose false-positive
warning messages when the variable length ({r,w}?) option is used:

https://www.spinics.net/lists/linux-i2c/msg50032.html
https://www.spinics.net/lists/linux-i2c/msg50253.html

Unfortunately upstream does not make bugfix releases, instead opting to list
such bugfixes on the wiki:

https://i2c.wiki.kernel.org/index.php/I2C_Tools

So add the patch here.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 11:36:55 +02:00
Peter Korsgaard
7aee27c2b9 package/clamav: security bump to version 0.103.2
Fixes the following security issues:

- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation.  Affects
  0.103.1 and prior on Windows only.

- CVE-2021-1252: Fix for Excel XLM parser infinite loop.  Affects 0.103.0
  and 0.103.1 only.

- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
  Affects 0.103.0 and 0.103.1 only.

- CVE-2021-1405: Fix for mail parser NULL-dereference crash.  Affects
  0.103.1 and prior.

- CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
  Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
  parsing of malformed png files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 18:39:56 +02:00
Fabrice Fontaine
68c7be9c28 package/isl: bump to version 0.23
Update indentation in hash file (two spaces)

https://repo.or.cz/isl.git/blob/8cec80451ea4f2f225629527b99ee2dc54ac2cad:/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:31:27 +02:00
Fabrice Fontaine
44deddbf82 package/python-httplib2: add CPE variables
cpe:2.3🅰️httplib2_project:httplib2 is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ahttplib2_project%3Ahttplib2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:30:09 +02:00
Fabrice Fontaine
2050b4869d package/python-httplib2: security bump to version 0.19.1
- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
  for Python. In httplib2 before version 0.19.0, a malicious server
  which responds with long series of "\xa0" characters in the
  "www-authenticate" header may cause Denial of Service (CPU burn while
  parsing header) of the httplib2 client accessing said server. This is
  fixed in version 0.19.0 which contains a new implementation of auth
  headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
  controlling unescaped part of uri for `httplib2.Http.request()` could
  change request headers and body, send additional hidden requests to
  same server. This vulnerability impacts software that uses httplib2
  with uri constructed by string concatenation, as opposed to proper
  urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
  bd9ee252c8

https://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:29:23 +02:00
Fabrice Fontaine
b27d514c7d package/python-zeroconf: bump to version 0.29.0
Update indentation in hash file (two spaces)

https://github.com/jstasiak/python-zeroconf/tree/0.29.0#changelog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:29:10 +02:00
Fabrice Fontaine
f90056070b package/python-pyelftools: bump to version 0.27
Update indentation in hash file (two spaces)

https://github.com/eliben/pyelftools/blob/v0.27/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:28:57 +02:00
Fabrice Fontaine
16770c8cb9 package/sysdig: add SYSDIG_CPE_ID_VENDOR
cpe:2.3🅰️sysdig:sysdig is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asysdig%3Asysdig

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:28:41 +02:00
Fabrice Fontaine
6db751e1e1 package/network-manager: bump to version 1.22.16
Notice: This fixes a security issue, but in code not used in Buildroot:

ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
property silently fails and a profile might accidentally not perform
any authentication (CVE-2020-10754).

Update indentation in hash file (two spaces)

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.22.16/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: Clarify that security issue isn't applicable to Buildroot]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:29:05 +02:00
Fabrice Fontaine
6aa602e783 package/x11r7/xdriver_xf86-video-ati: add missing dependency
Fix the following build failure which is raised since commit
a3aac6d847:

WARNING: unmet direct dependencies detected for BR2_PACKAGE_MESA3D_DRI_DRIVER_RADEON
  Depends on [n]: BR2_PACKAGE_MESA3D [=y] && (BR2_i386 [=n] || BR2_x86_64 [=n])
  Selected by [y]:
  - BR2_PACKAGE_XDRIVER_XF86_VIDEO_ATI [=y] && BR2_PACKAGE_XORG7 [=y] && BR2_PACKAGE_XSERVER_XORG_SERVER_MODULAR [=y] && BR2_PACKAGE_MESA3D [=y]

Fixes:
 - http://autobuild.buildroot.org/results/36773085f933ab2ee558f53a6c0ae5365077ad5e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:16:55 +02:00
Julien Olivain
7e02d2e762 package/fluidsynth: bump to version 2.2.0
For change log since v2.1.5, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.6
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.7
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.8
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.2.0

./utils/test-pkg --package fluidsynth
6 builds, 2 skipped, 0 build failed, 0 legal-info failed

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:15:19 +02:00
Bernd Kuhls
d69f1f7b32 package/libdrm: bump version to 2.4.105
Removed patch 0001, committed upstream:
https://cgit.freedesktop.org/mesa/drm/commit/?id=52f05d3d896480ee5431dcd444f53bb2a8e41cce

Renumbered remaining patch.

Updated license hash due to upstream commits:
https://cgit.freedesktop.org/mesa/drm/log/xf86drm.c

Release notes:
https://lists.freedesktop.org/archives/dri-devel/2021-April/302515.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:12:27 +02:00
John Keeping
eb8824ddc0 package/kexec: bump to version 2.0.21
https://lists.infradead.org/pipermail/kexec/2020-December/021835.html

Both patches were backports and are included in the 2.0.21 release so
they are deleted.

Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:09:47 +02:00
Bernd Kuhls
e243ec75f3 package/ffmpeg: bump version to 4.4
Remove wavpack-related patch and configure options due to upstream
removal of wavpack support:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=45070eec4c089b06947f07e25cdb1bc8b2102553

Changelog:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;;hb=refs/heads/release/4.4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:53:50 +02:00
Bernd Kuhls
25135631d2 package/kodi-pvr-iptvsimple: bump version to 7.6.1-Matrix
Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt

Upstream added a dependency to xz:
8f19dac9a5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:46:18 +02:00
Bernd Kuhls
a70e5a708f package/kodi-inputstream-ffmpegdirect: bump version to 1.20.1-Matrix
Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:45:55 +02:00
Francois Perrad
8b65b4d60d configs/mx6cubox: bump Linux and U-Boot versions
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:22:40 +02:00
Fabrice Fontaine
b1ce058e45 package/attr: bump to version 2.5.1
Drop second patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:22:18 +02:00
Fabrice Fontaine
a28e511cd7 package/acl: bump to version 2.3.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:21:48 +02:00
Fabrice Fontaine
678edb144b package/acl: add ACL_CPE_ID_VENDOR
cpe:2.3🅰️acl_project:acl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aacl_project%3Aacl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:21:02 +02:00
Fabrice Fontaine
1feedcd845 package/openldap: bump to version 2.4.58
Drop fifth patch (already in version)

https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4_58/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:20:13 +02:00
Fabrice Fontaine
5f2d38df4f package/bridge-utils: bump to version 1.7.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:19:34 +02:00
Bernd Kuhls
ad259f06cc package/x11r7/xlib_libXaw: bump version to 1.0.14
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003077.html

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:18:05 +02:00
Bernd Kuhls
248fdccce4 package/x11r7/xlib_libXres: bump version to 1.2.1
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003078.html

Reformatted hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:17:56 +02:00
Bernd Kuhls
cff9e4bab0 package/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.0
Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003079.html

Updated license hash due to upstream commit:
https://cgit.freedesktop.org/xorg/driver/xf86-input-libinput/commit/?id=2bbc4727a12471e3699e2803404a013656066a94

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:17:44 +02:00
Fabrice Fontaine
aaa96d7887 package/python-markdown2: add PYTHON_MARKDOWN2_CPE_ID_VENDOR
cpe:2.3🅰️python-markdown2_project:python-markdown2 is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-markdown2_project%3Apython-markdown2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:15:56 +02:00
Francois Perrad
22bb5c4e63 package/quickjs: bump to version 2021-03-27
- remove patch (merged upstream)
- file LICENSE added

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:14:18 +02:00
Fabrice Fontaine
24e26793bc package/network-manager-openvpn: bump to version 1.8.14
Update indentation in hash file (two spaces)

https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/blob/1.8.14/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:13:11 +02:00
Bernd Kuhls
15a2f9b819 package/{mesa3d, mesa3d-headers}: bump version to 21.0.2
Release notes:
21.0.0: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000622.html
21.0.1: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000624.html
21.0.2: https://lists.freedesktop.org/archives/mesa-announce/2021-April/000625.html

DRI swrast driver was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=435de835cd639d1b9bb96f81fc224771dc90af6d

OSMesa classic support was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=ee802372180a2b4460cc7abb53438e45c6b6f1e4

To avoid any conflict, and to show that the new OSMesa is Gallium-based,
we name the new option with a _GALLIUM suffix, even though this is now
the only OSMesa implementation left.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
  - rename the new option s/$/_GALLIUM/
  - don't drop the the old (pre-classic) legacy option
  - slightly reword the OSMesa help entry
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-07 23:24:25 +02:00
Bernd Kuhls
acd317d907 package/tor: do not install systemd service file
Upstream removed the sample service file for use with systemd:
https://gitweb.torproject.org/tor.git/commit/contrib?h=maint-0.4.5&id=915af1a65bc217fa33490876199bb69f760bea23

Fixes:
http://autobuild.buildroot.net/results/b80/b807f19283528b9f0d0c46250b660ea84695679c/
http://autobuild.buildroot.net/results/de4/de4f1a99b1c524b81579ee804156e26d3f8babe7/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:27:05 +02:00
Fabrice Fontaine
552ba842b7 package/iwd: bump to version 1.13
iwd fails to build since bump of ell to version 0.39 in commit
9988ca9ead:

/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/9.3.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: src/ie.o: in function `ie_parse_data_rates':
ie.c:(.text+0x23ac): undefined reference to `minsize'

This is fixed by
https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=17cf4da72613e80d08d51401399d02683ba8664b

Use official iwd tarball which will contain ell/useful.h header

https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=1.13

Fixes:
 - http://autobuild.buildroot.org/results/44e243530cbcec1c88511bb22f5e8e4655c43824

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:23:02 +02:00
Dick Olsson
09d3f13053 package/s6-rc: bump to version 0.5.2.1
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:17:50 +02:00
Dick Olsson
e88edae046 package/s6-networking: bump to version 2.4.1.0
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:17:29 +02:00
Dick Olsson
b14b2844f7 package/s6-dns: bump to version 2.3.5.0
Update license hash due to year change.

Refer to the change set described for s6-networking in the announcement:
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:16:20 +02:00
Dick Olsson
6d49b14165 package/s6-linux-utils: bump to version 2.5.1.4
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:15:15 +02:00
Dick Olsson
4376edb2d0 package/s6-portable-utils: bump to version 2.2.3.1
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:14:42 +02:00
Dick Olsson
7f552c710f package/s6: bump to version 2.10.0.2
Update license hash due to year change.

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:13:54 +02:00
Dick Olsson
86f7634baf package/execline: Fix license hash after bump to version 2.8.0.0
Updated license hash due to year change.

Commit bf66772c9b was accidentally based
on v1 of this patch.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:13:03 +02:00
Dick Olsson
965bf9e0ca package/skalibs: Fix license hash after bump to version 2.10.0.2
Updated license hash due to year change.

Commit 4d5587cb56 was accidentally based
on v1 of this patch.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:11:26 +02:00
Peter Seiderer
097da083b1 package/valgrind: fix musl compile
The file musl.supp is missing from the download source package, add a
patch deviated from reduced upstream commit ([1]) re-adding the missing file.

Fixes:

  - http://autobuild.buildroot.net/results/b106be44d6e7d82a4e3ad16c995366a46d39ee3c

  make[1]: *** No rule to make target 'musl.supp', needed by 'default.supp'.  Stop.

[1] https://sourceware.org/git/?p=valgrind.git;a=patch;h=f4d98ff79d5a79102b777ea7e23002d9f7326489

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:07:37 +02:00
Dick Olsson
39763ca74e DEVELOPERS: Add Dick Olsson for all skarnet and s6 packages
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:46:30 +02:00
Bernd Kuhls
47b1bbd2f4 package/kodi-pvr-iptvsimple: bump version to 7.6.0-Matrix
Release notes:
https://github.com/kodi-pvr/pvr.iptvsimple/releases/tag/7.6.0-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:43:30 +02:00
Peter Korsgaard
3eadd76740 package/avahi: ignore CVE-2021-26720
CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is part of
the Debian packaging and not part of upstream avahi - So ignore the CVE.

https://security-tracker.debian.org/tracker/CVE-2021-26720

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:14 +02:00
Dick Olsson
bf66772c9b package/execline: bump to version 2.8.0.0
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:09 +02:00
Dick Olsson
4d5587cb56 package/skalibs: bump to version 2.10.0.2
- Drop patch that has been included upstream

http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:09 +02:00
Peter Korsgaard
168bb8c336 docs/website: update for 2021.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 13:37:12 +02:00
Peter Korsgaard
a74cb089cb Update for 2021.02.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb10b0dfe6)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 13:34:27 +02:00
Peter Korsgaard
0918d2bf2d package/nodejs: security bump to version 12.22.1
Fixes the following security issues:

CVE-2020-7774: npm upgrade to 6.14.12 - Update y18n to fix
Prototype-Pollution (High)

This is a vulnerability in the y18n npm module which may be exploited by
prototype pollution.

https://github.com/advisories/GHSA-c4w7-xm78-47vh

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 11:21:12 +02:00